In our last ZapFlash, The Five Supertrends of Enterprise IT, ZapThink announced our new ZapThink 2020 conceptual framework that helps organizations understand the complex interrelationships among the various forces of change impacting IT shops over the next 10 years, and how to leverage those forces of change to achieve the broader goals of the organization.

In many ways, however, ZapThink 2020 is as much about risk mitigation as it is about strategic benefit. Every element of ZapThink 2020 is a problem, as well as an opportunity. Nowhere is this focus on risk mitigation greater than with ZapThink 2020’s six Crisis Points.

Defining a crisis point

Of course, life in general -- as well as business in particular -- are both filled with risks, and a large part of any executive’s job description is dealing with everyday crises. A Crisis Point, however, goes beyond everyday, garden-variety fire fighting. To be a Crisis Point, the underlying issue must both be potentially game-changing as well as largely unexpected. The element of surprise is what makes each Crisis Point especially dangerous – not that the crisis itself is necessarily a surprise, but rather, just how transformative the event promises to be.

Here then are ZapThink 2020’s seven Crisis Points, why they’re surprising, and why they’re game-changing. Over the next several months we’ll dive deeper into each one, but for now, here’s a high-level overview.

Why is it that so many enterprises today handle their own IT, and in particular, write their own software? They use office furniture, but nobody would think of manufacturing their own, except of course if you’re in the office furniture manufacturing business.

The game-changing nature of this Crisis Point is obvious, but what’s surprising will be just how fast enterprises rush to offload their entire IT organizations, once it becomes clear that the first to do so have achieved substantial benefits from this move.IPv4 exhaustion – Every techie knows that we’re running out of IP addresses, because the IPv4 address space only provides for about 4.3 billion IP addresses, and they’ve almost all been assigned.

IPv6 is around the corner, but very little of our Internet infrastructure supports IPv6 at this time. The surprise here is what will happen when we run out of addresses: the secondary market for IP addresses will explode.

As it turns out, a long time ago IANA assigned most IP addresses to a select group of Class A holders, who each got a block of about 16.8 million addresses.

Companies like Ford, Eli Lilly, and Halliburton all ended up with one of these blocks. How much money do you think they can make selling them once the unassigned ones are all gone?Fall of frameworks – Is your chief Enterprise Architect your CEO’s most trusted, important advisor? No? Well, why not?

After all, EA is all about organizing the business to achieve its strategic goals in the best way we know how, and the EA is supposed to know how. The problem is, most EAs are bogged down in the details, spending time with various frameworks and other artifacts, to the point where the value they provide to their organizations is unclear.

But what happens when there is a concerted, professional, widespread, expert attack on some key part of our global IT infrastructure? It’s not a matter of if, it’s a matter of when.

The surprise here will be just how effective such an attack can be, and perhaps how poor the response is, depending on who the target is. Will terrorists take down the Internet? Maybe just the DNS infrastructure? Or will this battle be between corporations? Regardless, the world post-Cyberwar will never be the same.

As the quantity and complexity of available information exceeds our ability to deal with such information, we’ll need to take a new approach to governance.Arrival of Generation Y – These are the kids who are currently in college, more or less. Not only is this generation the “post-email” generation, they have grown up with social media.

When they hit the workforce they will hardly tolerate the archaic approach to IT we have today. Sure, some will change to fit the current system, but enterprises who capitalize on this generation’s new perspective on IT will obtain a strategic advantage.

We saw this generational effect when Generation X hit the workforce around the turn of the century – a cadre of young adults who weren’t familiar with a world without the Web. That generation was instrumental in shifting the Web from a fad into an integral part of how we do business today. Expect the same from Generation Y and social media.Data explosion – As the quantity and complexity of available information exceeds our ability to deal with such information, we’ll need to take a new approach to governance.

ZapThink discussed this Crisis Point in our ZapFlash The Christmas Day Bomber, Moore’s Law, and Enterprise IT. But while an essential part of dealing with the data explosion crisis point is a move to governance-driven Complex Systems, we place this Crisis Point in the Democratization of Technology Supertrend.

The shift in thinking will be away from the more-is-better, store-and-analyze school of data management to a much greater focus on filtering and curating information. We’ll place increasingly greater emphasis on small quantities of information, by ensuring that information is optimally valuable.Enterprise application crash – The days of “Big ERP” are numbered – as well as those of “Big CRM” and “Big SCM” and … well, all the big enterprise apps. These lumbering monstrosities are cumbersome, expensive, inflexible, and filled at their core with ancient spaghetti code.

There’s got to be a better way to run an enterprise. Fortunately, there is. And once enterprises figure this out, one or more of the big enterprise app vendors will be caught by surprise and go out of business. Will it be one of your vendors?

The ZapThink take

We can’t tell you specifically when each of these Crisis Points will come to pass, or precisely how they will manifest. What we can say with a good amount of certainty, however, is that you should be prepared for them. If one or another proves to be less problematic or urgent than feared, then we can all breathe a sigh of relief. But should one come to pass as feared, then the organizations who have suitably prepared for it will not only be able to survive, but will be able to take advantage of the fact that their competition was not so well equipped.

The real challenge with preparing for such Crisis Points is in understanding their context. None of them happens in isolation; rather, they are all interrelated with other issues and the broader Supertrends that they are a part of.

That’s where ZapThink comes in. We are currently putting together a poster that will help people at a variety of organizations understand the context for change in their IT shops over the next ten years, and how they will impact business. We’re currently looking for sponsors. Drop us a line if you’d like more information.

Advanced SOA architects might want to enroll in ZapThink's SOA Governance and Security training and certification courses. Or, are you just looking to network with your peers, interact with experts and pundits, and schmooze on SOA after hours? Join us at an upcoming ZapForum event. Find out more and register for these events at http://www.zapthink.com/eventreg.html.You may also be interested in:

The goals then are data center transformation, performance and workload agility, and cost and energy efficiency. Many data centers are leveraging automation and best practices to attain 70 percent and even 80 percent adoption rates.

By taking such a strategic outlook on virtualization, process automation sets up companies to better exploit cloud computing and IT transformation benefits at the pace of their choosing, not based on artificial limits imposed by dated or manual management practices.

Vogel: Probably the biggest misconception that I see with clients is the assumption that they're fully virtualized, when they're probably only 30 or 40 percent virtualized. They've gone out and done the virtualization of IT, for example, and they haven't even started to look at Tier 1 applications.

The misconception is that we can't virtualize Tier 1 apps. In reality, we see clients doing it every day. The broadest misconception is what virtualization can do and how far it can get you. Thirty percent is the low-end threshold today. We're seeing clients who are 75-80 percent virtualized in Tier 1 applications.

Frieberg: The three misconceptions I see a lot are, one, automation and virtualization are just about reducing head count. The second is that automation doesn't have as much impact on compliance. The third is if automation is really at the element level, they just don't understand how they would do this for these Tier 1 workloads.

You're starting to see the movement beyond those initial goals of eliminating people to ensuring compliance. They're asking how do I establish and enforce compliance policies across my organization, and beyond that, really capturing or using best practices within the organization.

When you look at the adoption, you have to look at where people are going, as far as the individual elements, versus the ultimate goal of automating the provisioning and rolling out a complete business service or application.

When I talk to people about automation, they consistently talk about what I call "element automation." Provisioning a server, a database, or a network device is a good first step, and we see gaining market adoption of automating these physical things. What we're also seeing is the idea of moving beyond the individual element automation to full process automation.

Self-service provisioning

As companies expand their use of automation to full services, they're able to reduce that time from months down to days or weeks. This is what some people are starting to call cloud provisioning or self-service business application provisioning. This is really the ultimate goal -- provisioning these full applications and services versus what is often IT’s goal -- automating the building blocks of a full business service.

This is where you're starting to see what some people call the "lights out" data center. It has the same amount or even less physical infrastructure using less power, but you see the absence of people. These large data centers just have very few people working in them, but at the same time, are delivering applications and services to people at a highly increased rate rather than as traditionally provided by IT.Vogel: One of the challenges that our clients face is how to build the business case for moving from 30 percent to 60 or 70 percent virtualized. This is an ongoing debate within a number of clients today, because they look at that initial upfront cost and see that the investment is probably higher than what they were anticipating. I think in a lot of cases that is holding our clients back from really achieving these higher levels of virtualization.

In order to really make that jump, the business case has to be made beyond just reduction in headcount or less work effort. We see clients having to look at things like improving availability, being able to do migrations, streamlined backup capabilities, and improved fault-tolerance. When you start looking across the broader picture of the benefits, it becomes easier to make a business case to start moving to a higher percentage of virtualization.

One of the things we saw early on with virtualization is that just moving to a virtual environment does not necessarily reduce a lot of the maintenance and management that we have, because we haven’t really done anything to reduce the number of OS instances that have to be managed.

More than just asset reductionThe benefits are relatively constrained, if we look at it from just a physical footprint reduction. In some cases, it might be significant if a client is running out of data-center space, power, or cooling capacity within the data center. Then, virtualization makes a lot of sense because of the reduction in asset footprint.

But, when we start looking at coupling virtualization with improved process and improved governance, thereby reducing the number of OS instances, application rationalization, and those kinds of broader process type issues, then we start to see the big benefits come into play.

Now, we're not talking just about reducing the asset footprint. We're also talking about reducing the number of OS instances. Hence, the management complexity of that environment will decrease. In reality, the big benefits are on the logical side and not so much on the physical side.

It becomes more than just talking about the hardware or the virtualization, but rather a broader question of how IT operates and procures services.

Frieberg: What we're seeing in companies is that they're realizing that their business applications and services are becoming too complex for humans to manage quickly and reliably.

The demands of provisioning, managing, and moving in this new agile development environment and this environment of hybrid IT, where you're consuming more business services, is really moving beyond what a lot of people can manage. The idea is that they are looking at automation to make their life easier, to operate IT in a compliant way, and also deliver on the overall business goals of a more agile IT.

Companies are almost going through three phases of maturity when they do this. The first aspect is that a lot of automation revolves around "run book automation" (RBA), which is this physical book that has all these scripts and processes that IT is supposed to look at.

But, what you find is that their processes are not very standardized. They might have five different ways of configuring your device, resetting the server, and checking why an application isn’t working.

So, as we look at maturity, you’ve got to standardize on a set of ways. You have to do things consistently. When you standardize methods, you then find out you're able to do the second level of maturity, which is consolidate.

Transforming how IT operatesVogel: It becomes more than just talking about the hardware or the virtualization, but rather a broader question of how IT operates and procures services. We have to start changing the way we are thinking when we're going to stand up a number of virtual images.

When we start moving to a cloud environment, we talk about how we share a resource pool. Virtualization is obviously key and an underlying technology to enable that sharing of a virtual resource pool.

This includes the ability to create hybrid cloud infrastructures, which are partially a private cloud that sits within your own site, and the ability to burst seamlessly to a public cloud as needed for excess capacity, as well as the ability to seamlessly transfer workloads in and out of a private cloud to a public cloud provider as needed.

We're seeing the shift from IT becoming more of a service broker, where services are sourced and not just provided internally, as was traditionally done. Now, they're sourced from a public cloud provider or a public-service provider, or provided internally on a private cloud or on a dedicated piece of hardware. IT now has more choices than ever in how they go about procuring that service.

But it becomes very important to start talking about how we govern that, how we control who has access, how we can provision, what gets provisioned and when. ... It's a much bigger problem and a more complicated problem as we start going to higher levels of virtualization and automation and create environments that start to look like a private cloud infrastructure.

I don’t think anybody will question that there are continued significant benefits, as we start looking at different cloud computing models. If we look at what public cloud providers today are charging for infrastructure, versus what it costs a client today to stand up an equivalent server in their environment, the economics are very, very compelling to move to a cloud-type of model.

Governance crosses boundary to strategy

Without the proper governance in place, we can actually see cost increase, but when we have the right governance and processes in place for this cloud environment, we've seen very compelling economics, and it's probably the most compelling change in IT from an economic perspective within the last 10 years.

Frieberg: If you want to automate and virtualize an entire service, you’ve got to get 12 people to get together to look at the standard way to roll out that environment, and how to do it in today’s governed, compliant infrastructure.

The coordination required, to use a term used earlier, isn’t just linear. It sometimes becomes exponential. So there are challenges, but the rewards are also exponential. This is why it takes weeks to put these into production. It isn’t the individual pieces. You're getting all these people working together and coordinated. This is extremely difficult and this is what companies find challenging.

The key goal here is that we work with clients who realize that you don’t want a two-year payback. You want to show payback in three or four months. Get that payback and then address the next challenge and the next challenge and the next challenge. It's not a big bang approach. It's this idea of continuous payback and improvement within your organization to move to the end goal of this private cloud or hybrid IT infrastructure.

We definitely understand and recognize that it has to be part of the IT strategy. It is not just a tactical decision to move a server from physical machine to a virtual machine, but rather it becomes part of an IT organization’s DNA that everything is going to move to this new environment.

We're really going to start looking at everything as a service, as opposed to as a server, as a network component, as a storage device, how those things come together, and how we virtualize the service itself as opposed to all of those unique components.

It really becomes baked into an IT organization’s DNA, and we need to look very closely at their capability -- how capable an organization is from a cultural standpoint, a governance standpoint, and a process standpoint to really operationalize that concept.

Delivered at the VMworld conference in San Francisco, HP is taking a practical approach for creating cloud and shared services deployment models that make quick economic sense by targeting costly and sprawling server farms that support seas of Microsoft, SAP and other "out of the box" business applications as services. [Disclosure: HP is a sponsor of BriefingsDirect podcasts.]

In doing so, HP is moving quickly to try and carve out a leadership position for the fast (30 days, they say) set-up of private clouds, coupled with the ease of a SaaS-based deployment, maintenance and ongoing operations portal that implements and supports the clouds and the applications they support. The targeting of costly and often inefficient Microsoft Exchange and SharePoint farms also points to the creeping separation of Microsoft's and HP's infrastructure -- and cloud -- strategies.

At the same time, HP's cloud hardware, software and services packaging via CloudStart exploits HP's product strengths while setting the stage for enterprise application stores, service catalogs of metered apps as services, more choices of moving to hybrid clouds, and easy segues to multiple sourcing and hosting options, all of which play into HP's Enterprise Services (nee EDS) on the hosting side.

CloudStart is also what I believe is only the opening salvo in a comprehensive private cloud initiative and strategy drive that HP aims to win. Expect more developments through the fall on HP Cloud Service Automation (CSA) and applications lifecycle management products, services and professional services support offerings.

Such mission-critical aspects as disaster recovery, security, storage efficiency, governance, patches support, compliance and audits support, and use metering and charge-backs billing are also included in the CloudStart offerings and road map, HP said.

HP also announced Cloud Maps for use with apps and solutions from VMware, SAP, Oracle and Microsoft to significantly speed application deployment via tested, cloud-ready app configurations. Cloud Maps are imported directly into private cloud environments, enabling them to develop a catalog of cloud services.

The combination of the cloud elements could lead to a "standardized" approach for creating and expanding private clouds throughout an enterprise, said Paul Miller, vice president, Solutions and Strategic Alliances, Enterprise Servers, Storage and Networking at HP. The solution is designed to be deployed on-premises but uses an HP-operated, off-premises and SaaS setup and operations portal.

And that SaaS, self-service aspect could be a key to the practical deployment of enterprise clouds, which HP sees as rapidly growing in interest in a "multi-source IT world," even if enterprises are not quite sure how to begin. HP recognizes that moving from a non-cloud problem set of complexity and sprawl to a cloud-based world of complexity and sprawl sort of defeats the purpose and economics.

IT leaders need cloud road map

"When CIOs have a simplified way to map their path to the private cloud, including all the necessary components from infrastructure and applications to services, they are more likely to identify a comprehensive and realistic deployment scenario for their organization," said Matt Eastwood, group vice president, Enterprise Platform Group, IDC, in a release. "With the HP CloudStart solution, clients now have a way to accelerate the adoption of service-oriented environments for a private cloud that matches the speed, flexibility and economies of public cloud without the risk or loss of control."

So CloudStart works to consolidate, integrate, and converge the cloud support elements -- and in doing so creates a compelling alternative to IT infrastructure as usual. And maybe a standard on-ramp to the use of heterogeneous private clouds?

The HP CloudStart solution is offered now in Asia-Pacific and Japan and expected to be available globally in December.

I see the self-service portal as a critical differentiator, and could also lead to what we think of the "app stores" model for consumer and entertainment uses moving to the enterprise apps space. Because once a private cloud has been deployed, and if managed via a HP portal, applications in a service catalog via the portal could be then chosen and deployed in a common manner, all with a managed pay-as-you go metered model or other SLAs. Indeed, other apps within the enterprise could also be brought into the cloud to also be metered and charged back by usage to the business users.

Kind of reminds me of getting the values of SOA but having someone else build it out.

Accountants love this model, as it helps move IT from a cost center into an SLA-driven service center. Over time a variety of hybrid cloud offerings -- perhaps leveraging the standardized CloudStart deployment model and common billing model -- could be explored and transitioned to. That is, HP could then go the enterprises using CloudStart and via the management portal, offer to run those or other apps on its data centers -- perhaps substantially cutting the total costs of apps delivery.

This way, the enterprise app store and service catalog becomes the interface between the IT managers and the service vendors. IT becomes a procurement and brokering function, amid -- one hopes -- a vibrant market of cloud services offerings. It makes IT into more like any other mature business function ... like materials, logistics, supply chain, HR, energy, facilities, etc.

Future of IT?

Here's where the future of IT is headed. Whatever vendor/supplier/service provider (and its ecosystem) gets to IT as a service first and best, and then offers the best long-term value, support, management and reliability ... wins.